nis2-agile

AdminGit2026/nis2-agile

Author	SHA1	Message	Date
DevEnv nis2-agile	13df162ec4	[FIX] SIM-06 + EmailService + WebhookService + supplier assessment - ServicesController::provision(): created_by usa userId (INT) non string - EmailService::logEmail(): rimosso sent_at (colonna non esiste in email_log) - WebhookService::incidentPayload(): status ?? 'detected' (null-safe) - simulate-nis2.php: supplier assessment usa formato assessment_responses corretto [{question, weight, value: yes\|partial\|no}] Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 09:56:39 +01:00
DevEnv nis2-agile	ef8b7a90e4	[FIX] Simulator: P.IVA checksum + ServicesController: sectorMap + role enum - simulate-nis2.php: P.IVA demo corrette con checksum Luhn validi (09876543217, 07654321095, 05432109873, 99887766550) - ServicesController::provision(): sectorMap rimappato a valori enum reali (es: 'energia'→'energy', 'finanza'→'banking', 'ict'→'ict_services') - ServicesController::provision(): user_organizations.role 'super_admin'→'org_admin' (super_admin non è nel enum di user_organizations) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 09:38:02 +01:00
DevEnv nis2-agile	48317e0556	[FIX] Simulator + ServicesController: allineamento a schema DB reale simulate-nis2.php: - sector: ict → ict_services, healthcare → health (enum DB corretto) - employee_count (non employees_count) per OrganizationController ServicesController::provision(): - INSERT organizations: rimossi campi non esistenti (legal_form, ateco_code, etc.) - Usa colonne reali: name, vat_number, employee_count, sector, entity_type, is_active - entity_type: voluntary → not_applicable (enum non supporta voluntary) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 09:30:20 +01:00
DevEnv nis2-agile	d51c365e46	[FIX] ServicesController + simulate-nis2: adatta a schema users reale (full_name, is_active) - ServicesController::provision(): INSERT users usa full_name/is_active (non first_name/last_name/status) - ServicesController::ssoLogin(): stesso fix per SSO user creation - simulate-nis2::ensureUser(): registration payload usa full_name (non first_name+last_name) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 09:09:07 +01:00
DevEnv nis2-agile	19a9e5622d	[FEAT] L4 AI Cross-Analysis — analisi aggregata multi-org per consulenti - CrossAnalysisController.php: analyze/history/portfolio (k-anonymity min 2 org) - AIService::crossOrgAnalysis(): aggregazione 9 dimensioni, zero PII nel prompt - cross-analysis.html: chat UI purple theme, 3 tab, quick questions, portfolio stats - index.php: routing /api/cross-analysis/{analyze,history,portfolio} - common.js: link "AI Cross-Analysis" in sidebar sezione Gestione - docs/AI_LEVELS_SCHEMA.md: schema architetturale L1-L5 con matrice privacy Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 08:17:53 +01:00
DevEnv nis2-agile	ab0e3755f4	[BACKEND] Completa backend: validate-invite, lookup-piva, ruoli, SIM-06 AuthController: - register() accetta `role` diretto (compliance_manager, org_admin, auditor, board_member, consultant) - Aggiunto validateInvite() → POST /api/auth/validate-invite (no auth) OnboardingController: - Aggiunto lookupPiva() → POST /api/onboarding/lookup-piva (no auth, rate limit 10/min) usato da register.html per P.IVA lookup pre-login Router (index.php): - Aggiunto POST:validateInvite e POST:lookupPiva api.js: - register() invia sia `role` che `user_type` per retrocompatibilità simulate-nis2.php: - SIM-06: B2B provisioning via X-Provision-Secret → org + JWT + API Key - Filtro NIS2_SIM=SIM06 via goto per skip SIM-01→05 indipendenti - readEnvValue() helper per leggere PROVISION_SECRET da .env register.html: - lookupPiva usa /onboarding/lookup-piva (endpoint pubblico) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 17:23:16 +01:00
DevEnv nis2-agile	47a7a25d35	[FIX] InviteController: array_slice(-0) → $where corretto per COUNT query array_slice($where, 0, -0) in PHP restituisce array vuoto (−0=0), generando SQL invalido "WHERE " → PDOException 1064. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 16:50:37 +01:00
DevEnv nis2-agile	9ccf2a72b5	[FIX] Database::execute() → Database::query() in 5 controller Database non ha metodo execute() — corretto in: InviteController, ServicesController, WebhookController, NormativeController, WhistleblowingController. Causa del HTTP 500 su tutti gli endpoint /api/invites/*. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 16:49:58 +01:00
DevEnv nis2-agile	d407fd0510	[MKTG-API] Documentazione + auth API Key per licenze - InviteController: requireLicenseAuth() accetta X-API-Key (scope admin:licenses) oppure JWT super_admin — tutti i metodi admin aggiornati - mktg-api-doc.html: risponde alle 6 domande del marketing con esempi curl, tabelle risposta, riepilogo endpoint, link Postman collection - nis2-license-api.postman.json: collection completa (login, create, list, revoke, regenerate, validate, provision) con pre-script salva JWT/invite_id Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 16:05:18 +01:00
DevEnv nis2-agile	cb0988da27	[LICENSE] Gestione licenze marketing + campi commerciali estesi - licenseExt.html: dashboard marketing per generare/gestire licenze Login JWT super_admin, stats strip (totali/usate/orgs/utenti), form genera con label/piano/durata/max-aziende/max-utenti/prezzo/reseller, lista paginata con filtri stato+canale, dettaglio modale, revoca/rigenera, export CSV e copia token/URL - Migration 013: invites +max_users_per_org, +price_eur, +reseller_name organizations +license_max_users (da provisioning) - InviteController::create() gestisce nuovi campi, validate() espone max_users_per_org - ServicesController::provision() salva license_max_users nell'org Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 15:34:38 +01:00
DevEnv nis2-agile	612befd66d	[INVITE] Sistema inviti/licenze B2B + provisioning con invite_token - InviteController: CRUD inviti (gen, list, show, revoke, rigenera, validate) - Token inv_* sha256-hashed, one-shot o multi-use, canali, scadenza - ServicesController::provision() accetta invite_token al posto di X-Provision-Secret Piano e durata forzati dall'invito, markUsed() chiaamto dopo provisioning riuscito - index.php: routing /api/invites/* aggiunto (controller + action map) - integrazioniext.html: nuovo tab "Inviti & Licenze" con flow completo, endpoints, esempi curl/php, guida lg231 aggiornata con sezione provisioning automatico Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 15:22:25 +01:00
DevEnv nis2-agile	6933e1d3fb	[INTEG] Provisioning B2B automatico + fix JWT helpers - POST /api/services/provision: onboarding automatico tenant da lg231 - X-Provision-Secret auth (master secret, non org-specific) - Crea org (con tutti i dati lg231: P.IVA, ATECO, sede, PEC, fatturato) - Crea admin user con password temporanea (must_change_password=1) - Genera API Key scope [read:all, write:all, admin:org, sso:login] - Emette JWT 2h per apertura immediata UI - Callback webhook a lg231 con api_key - Idempotent: stessa P.IVA → restituisce org esistente - Audit: org.provisioned severity=critical - config.php: PROVISION_SECRET (env var) - BaseController: base64UrlEncode/Decode da private → protected - Migration 011: colonne provisioning + must_change_password + indexes Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 15:02:11 +01:00
DevEnv nis2-agile	1f534db33a	[INTEG] Token exchange + SSO federato + Audit trail chiamate esterne ServicesController: - POST /api/services/token: lg231 invia API key → riceve JWT 15min - POST /api/services/sso: SSO federato con identità utente + responsabilità → crea/trova utente NIS2 + emette JWT 2h con ruolo e responsibilities - Audit trail: ogni chiamata esterna autenticata loggata (api.external_call) - SSO login loggato come auth.sso_login severity=warning con responsabilità Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 14:46:27 +01:00
DevEnv nis2-agile	07c1a71685	[MIGRATE] Migrazione a nis2.agile.software - Tutti i riferimenti nis2.certisource.it → nis2.agile.software - Apache vhost HTTP nis2.agile.software attivo su Hetzner - Script setup-nis2-agile-software.sh: certbot SSL + redirect da vecchio dominio - .env server: APP_URL aggiornato a https://nis2.agile.software - CLAUDE.md, docs commerciali, integrazioni, API docs aggiornati DNS da aggiungere in Cloudflare: nis2.agile.software A 135.181.149.254 (proxy OFF) Poi eseguire: bash /opt/devenv/scripts/setup-nis2-agile-software.sh Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 14:07:10 +01:00
DevEnv nis2-agile	874eabb6fc	[FEAT] Simulazioni Demo + Audit Trail Certificato SHA-256 - 5 scenari reali: Onboarding, Ransomware Art.23, Data Breach Supply Chain, Whistleblowing SCADA, Audit Hash Chain Verification - simulate-nis2.php: 3 aziende (DataCore/MedClinic/EnerNet), 10 fasi, CLI+SSE - AuditService.php: hash chain SHA-256 stile lg231 (prev_hash+entry_hash) - Migration 010: prev_hash, entry_hash, severity, performed_by su audit_logs - AuditController: GET chain-verify + GET export-certified - reset-demo.sql: reset dati demo idempotente - public/simulate.html: web runner SSE con console dark-theme - Sidebar: link Simulazione Demo + Integrazioni Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 13:56:53 +01:00
DevEnv nis2-agile	86e9bdded2	[FEAT] Services API, Webhook, Whistleblowing, Normative + integrazioni Sprint completo — prodotto presentation-ready: Services API (read-only, API Key + scope): - GET /api/services/status\|compliance-summary\|risks-feed\|incidents-feed - GET /api/services/controls-status\|assets-critical\|suppliers-risk\|policies-approved - GET /api/services/openapi (spec OpenAPI 3.0.3 JSON) Webhook Outbound (Stripe-like HMAC-SHA256): - CRUD api_keys + webhook_subscriptions (Settings → 2 nuovi tab) - WebhookService: retry 3x backoff (0s/5min/30min), delivery log - Trigger auto in IncidentController, RiskController, PolicyController - Delivery log, test ping, processRetry Nuovi moduli: - WhistleblowingController (Art.32 NIS2): anonimato garantito, timeline, token tracking - NormativeController: feed NIS2/ACN/DORA con ACK tracciato per audit Frontend: - whistleblowing.html: form submit anonimo/firmato + gestione CISO - normative.html: feed con presa visione documentata + progress bar ACK - public/docs/api.html: documentazione API dark theme (Swagger-like) - settings.html: tab API Keys + tab Webhook - integrations/: guide per lg231, SustainAI, AllRisk, SIEM (widget + codice) - Sidebar: Segnalazioni + Normative aggiunte a common.js DB: migration 007 (api_keys, webhook_subscriptions, webhook_deliveries), 008 (whistleblowing_reports + timeline), 009 (normative_updates + normative_ack + seed NIS2/ACN/DORA/ISO) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-07 13:20:24 +01:00
DevEnv nis2-agile	782389849f	[SEC+UX] Hardening sicurezza + miglioramenti UX pre-audit SICUREZZA: - index.php: rimosso CORS wildcard in debug mode (solo origini autorizzate) - AuthController: getClientIP() con X-Forwarded-For sicuro (proxy-aware) - AuthController: refresh token con SELECT FOR UPDATE in transazione atomica - AIService: anonimizzazione dati org nei prompt Anthropic API (no nome/fatturato) UX AUDIT-READY: - dashboard.html: gauge rinominato 'Avanzamento implementazione misure Art.21' - incidents.html: decision tree Art.23 con 5 criteri per 'Is Significant?' - policies.html: banner warning obbligatorio su bozze generate da AI - risks.html: tooltip dettagliati scala Likelihood/Impact (ISO 27005) - assessment.html: progress bar % completamento risposta domande DB: - migration 006: indici performance + audit_log immutabile (trigger) + soft delete Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 12:01:33 +01:00
DevEnv nis2-agile	7080695d06	[FEAT] Ruolo Consulente + Wizard Registrazione v2 - register.html: step 0 scelta profilo (Azienda / Consulente) - onboarding.html: wizard 4-step con P.IVA obbligatoria (auto-fetch CertiSource) - companies.html: nuova dashboard consulente con cards aziende e compliance score - common.js: org-switcher sidebar + role labels corretti per consulente - login.html: routing post-login (consulente → companies.html) - api.js: isConsultant(), setUserRole(), register con user_type - AuthController: user_type=consultant → role=consultant in users table - OnboardingController: multi-org per consulente, duplicate VAT check - 005_consultant_support.sql: aggiunge 'consultant' a user_organizations.role ENUM Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 08:53:30 +01:00
Cristiano Benassati	4e3408e9f6	[FEAT] Visura auto-fill, adesione volontaria, modulo NCR/CAPA 1. Fix auto-fill visura: mapping corretto suggested_sector e employees_range, indicatori visivi verdi sui campi auto-compilati, fatturato sempre manuale 2. Adesione volontaria: colonna voluntary_compliance, checkbox in onboarding step 5 quando not_applicable, toggle in settings, reset su ri-classificazione 3. Modulo NCR/CAPA: NonConformityController con 10 endpoint API, tabelle non_conformities + capa_actions, generazione NCR dai gap assessment, predisposizione integrazione SistemiG.agile (webhook + sync) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-18 08:12:57 +01:00
Cristiano Benassati	6f4b457ce0	[FEAT] Add EmailService, RateLimitService, ReportService + integrations Services: - EmailService: CSIRT notifications (24h/72h/30d), training alerts, welcome email - RateLimitService: File-based rate limiting for auth and AI endpoints - ReportService: Executive HTML report, CSV exports (risks/incidents/controls/assets) Integrations: - AuthController: Rate limiting on login (5/min, 20/h) and register (3/10min) - IncidentController: Email notifications on CSIRT milestones - AuditController: Executive report and CSV export endpoints - Router: 429 rate limit error handling, new audit export routes Database: - Migration 002: email_log table for notification tracking Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-17 19:12:46 +01:00
Cristiano Benassati	9aa2788c68	[FEAT] Add onboarding wizard with visura camerale and CertiSource integration - New 5-step onboarding wizard (onboarding.html) replacing setup-org.html - Step 1: Choose data source (Upload Visura / CertiSource / Manual) - Step 2: PDF upload with AI extraction or CertiSource P.IVA lookup - Step 3: Verify/complete company data with NIS2 sector mapping - Step 4: User profile completion - Step 5: NIS2 classification (Essential/Important) with summary - OnboardingController with upload-visura, fetch-company, complete endpoints - VisuraService with Claude AI PDF extraction and ATECO-to-NIS2 mapping - CertiSource API integration for automatic company data retrieval - Updated login/register redirects to point to new onboarding wizard Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-17 19:01:34 +01:00
Cristiano Benassati	c03d22ea48	[FIX] Deploy fixes - Auth header passthrough, dashboard query, landing page - Add Authorization header passthrough in .htaccess for PHP-FPM - Remove invalid 'severity' column query from DashboardController - Add landing page (index.html) with feature overview Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-17 18:08:43 +01:00
Cristiano Benassati	ae78a2f7f4	[CORE] Initial project scaffold - NIS2 Agile Compliance Platform Complete MVP implementation including: - PHP 8.4 backend with Front Controller pattern (80+ API endpoints) - Multi-tenant architecture with organization_id isolation - JWT authentication (HS256, 2h access + 7d refresh tokens) - 14 controllers: Auth, Organization, Assessment, Dashboard, Risk, Incident, Policy, SupplyChain, Training, Asset, Audit, Admin - AI Service integration (Anthropic Claude API) for gap analysis, risk suggestions, policy generation, incident classification - NIS2 gap analysis questionnaire (~80 questions, 10 categories) - MySQL schema (20 tables) with NIS2 Art. 21 compliance controls - NIS2 Art. 23 incident reporting workflow (24h/72h/30d) - Frontend: login, register, dashboard, assessment wizard, org setup - Docker configuration (PHP-FPM + Nginx + MySQL) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-17 17:50:18 +01:00

23 Commits